Responsive website design, Norwich

Guide to preventing image hotlinking

by Mike Amis

Guide to preventing image hotlinking

In this guide, you will learn what image hotlinking is, how it can cost your business money and SEO ranking, as well as the steps you need to take to prevent it.

What is image hotlinking?

Image hotlinking is when a website uses images, usually without permission, directly from another website. That is, rather than ask permission, download the image and host the image on their own server, the website uses a direct link to the owner’s website to serve the image on their website.

1. <img src="/images/i-own-this-image.jpg" alt="This is my own image" >

In this instance the image is hosted on the same server as the website it is being used on.

1. <img src="">

In this instance the image is being hosted on a different server to the website it is being used on. Each time the image is viewed the request to fetch it is being sent to someone else’s server.

Why is image hotlinking bad?

Often, when someone hotlinks to image files they do not have permission to use the image and are infringing copyright, therefore stealing the image. As the image file is being stored on someone else’s server, every time a request to view the image is made, that request is handled by the owner’s server, therefore using their bandwidth, which can result in additional hosting costs. For full details of how to ensure your website is legally using content read this article.

How can I tell if my images are being hotlinked?

Images are often the largest files used on your website, so if there is an increased number of requests for your images from hotlinking websites you will certainly see an increase in your bandwidth usage. Bandwidth usage can be seen in your server logs via your control panel, or alternatively you could contact your hosting provider if you think there is an unusual or sudden increase in bandwidth usage. There are also several free analysis tools which will tell you how much of your bandwidth is used by images and where the traffic is coming from.

How do I prevent images being hotlinked?In this guide, you will learn what image hotlinking is, how it can cost your business money and SEO ranking, as well as the steps you need to take to prevent it.

How do I prevent images being hotlinked?

If you manage your website using cPanel, the process of preventing hotlinking is very straightforward. Under the security tab select Hotlink Protection.

On the next screen, you can configure exactly hot your hotlink protection works.

  1. Add all domains and subdomains that are permitted to use files on your server.
  2. Specify which file types you want to protect. Be default the most common image file types are selected.
  3. Check to allow direct access to images in a browser
  4. Specify a redirect address for all blocked requests. This can be to a page explaining that the website using the image does not have permission, or you can specify an alternative image.

Using .htaccess to prevent hotlinking

If you are using an Apache server and you have access to your .htaccess file you can manually protect your images by adding the following code.

1.    RewriteEngine on  
2.    RewriteCond %{HTTP_REFERER} !^$  
3.    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]  
4.    RewriteCond %{HTTP_REFERER} !google\. [NC]  
5.    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]  
6.    RewriteCond %{HTTP_REFERER} !bing\. [NC]  
7.    RewriteRule \.(jpg|jpeg|png|gif)$ [NC,F,L]

Line by line explanation

  • Enable URL rewrite module which is necessary for this to work
  • Denies the hotlinking request
  • Checks that any requests for images match your own server and allows them
  • Allows an exception for Google
  • Allows an exception for Yahoo
  • Allows an exception for Bing
  • Specifies an alternative image to be served when a hotlinking request is made.

It is important when specifying an alternative image to ensure that it is either hosted on another server (Dropbox in this case), or that is using a file extension that is not blocked otherwise the request will be blocked in the same way as any other hotlinking request.

Share this post


Leave a comment